Jason,

For testing only, if the firewall/gateway is configured correctly,
shouldn't the lan clients be able to reach the internet without a
firewall?

I haven't worked with iptables. How do I add the rules to an existing
rule set or build a new rule set?

Ken


--- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> Yeah the NAT table is in the iptables. Test these rules:
> 
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth1 -j SNAT --to-source outside_address
> iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE
> 
> These should work.
> 
> 
> -----Original Message-----
> From: Ken Plumley [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, August 09, 2003 4:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Firewall / Internet Gateway Config Fails
> 
> 
> Jason,
> 
> Ok I will set GATEWAYDEV=eth0
> 
> I replaced an existing RH 6.2 firewall/gateway machine with the new
> RH 8.0 machine. The new machine has the same name and IP number that
> the old machine did so all the machines on the lan are already
> configured to point to the new firewall/gateway.
> 
> Are NAT rules the firewall rules?
> 
> I shut down the iptables firewall before I started testing but the
> lan clients still cannot reach the internet.
> 
> Ken
> 
> --- Jason Staudenmayer <[EMAIL PROTECTED]> wrote:
> > The first way is right. You have to set up NAT rules and set the
> > gateways on your clients to point to your router/gateway/firewall.
> > 
> > -----Original Message-----
> > From: Ken Plumley [mailto:[EMAIL PROTECTED] 
> > Sent: Saturday, August 09, 2003 3:37 PM
> > To: Redhat List
> > Subject: Firewall / Internet Gateway Config Fails
> > 
> > 
> > I am trying to configure a Red Hat Linux 8.0 combination
> > firewall/internet gateway that serves a LAN.
> > 
> > eth0 is used with dhcp to reach the internet through a cable modem.
> > 
> > eth1 is used with a static IP to reach the LAN.
> > 
> > With the GATEWAYDEV set to eth0 the machine can reach the internet
> > and the lan at the same time but will not provide access from the
> > lan to the internet.
> > 
> > With the GATEWAYDEV set to eth1, as I think it should be, the
> > machine can NOT reach the internet but can reach the lan.
> > 
> > What am I configuring wrong?
> > 
> > Any help would be much appreciated.
> > 
> > Thanks,
> > 
> > Ken
> > 
> > Below are the network file configurations:
> > 
> > File:
> > /etc/sysconfig/network
> > 
> > NETWORKING=yes
> > HOSTNAME=firewallgate
> > FORWARD_IPV4="yes"
> > GATEWAYDEV=eth1
> > GATEWAY=0.0.0.0
> > 
> > 
> > File:
> > /etc/sysconfig/networking/devices/ifcfg-eth0
> > 
> > USERCTL=yes
> > PEERDNS=yes
> > TYPE=Ethernet
> > DEVICE=eth0
> > BOOTPROTO=dhcp
> > ONBOOT=yes
> > HWADDR=(The HWADDR is correct)
> > 
> > 
> > File:
> > /etc/sysconfig/networking/devices/ifcfg-eth1
> > 
> > USERCTL=yes
> > PEERDNS=no
> > TYPE=Ethernet
> > DEVICE=eth1
> > HWADDR=(The HWADDR is correct)
> > BOOTPROTO=none
> > NETMASK=255.255.255.0
> > ONBOOT=yes
> > IPADDR=192.168.1.3
> > NETWORK=192.168.1.0
> > BROADCAST=192.168.1.255
> > GATEWAY=0.0.0.0
> > 
> > 
> > File:
> > /etc/sysconfig/networking/devices/eth0-route
> > 
> > GATEWAY0=0.0.0.0
> > NETMASK0=0.0.0.0
> > ADDRESS0=0.0.0.0
> > 
> > 
> > File:
> > /etc/sysconfig/networking/devices/eth1-route
> > 
> > GATEWAY0=0.0.0.0
> > NETMASK0=255.255.255.255
> > ADDRESS0=192.168.1.3
> > 
> > 
> > -- 
> > redhat-list mailing list
> > unsubscribe mailto:[EMAIL PROTECTED]
> > https://www.redhat.com/mailman/listinfo/redhat-list

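On the question of building a rule set: the script below is an added example, not part of the original thread, that generates a complete NAT-gateway rule set in iptables-restore format. The interface roles (eth0 to the cable modem via DHCP, eth1 to the LAN) and the 192.168.1.0/24 network are taken from the configuration files quoted above; the function name build_gateway_rules is hypothetical.

```shell
#!/bin/sh
# Added example: emit a minimal NAT-gateway rule set in iptables-restore format.
# Assumed from the thread: eth0 = Internet side (DHCP), eth1 = LAN side,
# LAN = 192.168.1.0/24. build_gateway_rules is a hypothetical helper name.

build_gateway_rules() {
    wan_if=$1; lan_if=$2; lan_net=$3

    # Refuse missing arguments or a WAN and LAN side on the same interface.
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ -z "$lan_net" ] ||
       [ "$wan_if" = "$lan_if" ]; then
        echo "usage: build_gateway_rules WAN_IF LAN_IF LAN_NET" >&2
        return 1
    fi

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to whatever address DHCP gave $wan_if.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# INPUT stays at ACCEPT to keep this example to forwarding; traffic to the
# gateway itself needs its own INPUT rules.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections opened from the LAN may come back in.
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may open new connections outward.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Print the rule set for the setup in this thread; to load it, run as root:
#   build_gateway_rules eth0 eth1 192.168.1.0/24 | iptables-restore
# Forwarding must also be on: /proc/sys/net/ipv4/ip_forward should contain 1.
if [ "${1:-}" = "--print" ]; then
    build_gateway_rules eth0 eth1 192.168.1.0/24
fi
```

Loading the output with iptables-restore replaces the current contents of the nat and filter tables, while running individual `iptables -A` commands appends to whatever is already loaded.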